<?php
	header('content-type:text/html;charset=utf-8');
	date_default_timezone_set("Asia/Chongqing");
	require('../class/autoload.php');
	session_start();

	/*
		### 验证来路路径是否合法

	*/
	$uri = parse_url(@$_SERVER["HTTP_REFERER"])['path'];
//	echo $uri;
	$uris = array(
	  '/ledger/before/login.html',
	  '/ledger/before/main.html',
	  '/ledger/before/password.html',
	  '/ledger/before/register.html',
	  '/ledger/before/ledger_create.html',
	  '/ledger/before/ledger_design.html',
	  '/ledger/before/ledger_detail.html',
	  '/ledger/after/password.html'
	);
	if(!in_array($uri,$uris)){
	 	exit('10004');
	}



	/*
		### 获取验证码图片
		http://www.yunpan.top/interface/before_interface.php?type=code
	*/
	if($_REQUEST['type'] == 'code'){
		require_once "../class/plugin/vcode.class.php";
		Code\VCode::GetCode();
		exit;
	}

	//需要验证验证码的请求
	$vcode_arr = array(
		'register',
		'changePassword',
	);
	if(in_array($_REQUEST['type'],$vcode_arr)){
		require_once "../class/plugin/vcode.class.php";
		$vcode = I('vcode','p');
		if(!Code\VCode::Check_Code($vcode)){
			exit('10003');	//验证码不正确
		}
	}


	//验证用户名
	$account = intval(I('account'));
	if(!$account){
		exit('10001');
	}
	$account_arr = array(	//跳过验证用户名与seisson的项
		'login',
		'register'
	);
	if(!in_array($_REQUEST['type'],$account_arr)){
		if($account != @$_SESSION['ledger_account']){
			exit('100011');
		}
	}

	$token_arr = array(		//跳过token验证的项
		'login',
		'register',
		'exit'
	);
	if(!in_array($_REQUEST['type'],$token_arr)){
		$token1 = I('token1');
		if(!VerifyToken1($account,$token1,1)){		 	//验证token
			//exit('10002');
		}
	}



	$tokenv_arr = array(		//跳过获取token的项

	);
	if(!in_array($_REQUEST['type'],$tokenv_arr)){
		$tmp_arr = array(
			'token1'=>SetToken1($account,1)
		);
	}





	switch ($_REQUEST['type']) {

		default :
			echo 'default';
			dump($_FILES);
			dump($_REQUEST,1);
			break;




		//


		//获取分类字段的值列表
		case '_getSelectVals':
			$tname = I('tname','p');
			$lname = I('lname','p');
			_checkVal($tname,$lname);//检测变量
			$pdo = MyPdo2::init();
			$sql = "select {$lname} from {$tname} group by {$lname}";
			$res = $pdo->dql($sql,array());
			if($res){
				$tmp_arr['data'] = $res;
			}else{
				$tmp_arr['data'] = array();
			}
			exit(json_encode($tmp_arr));
			break;






		//删除台账
		case '_delLedger':
			$tname = I('tname','p');
			_checkVal($tname);//检测变量
			$pdo = MyPdo2::init();
			$sql = "delete from ledger_list where account = ? and tname = ?";
			$res = $pdo->dml($sql,array($account,$tname));
			if($res){
				$sql2 = "drop table {$tname}";
				$res2 = $pdo->dml($sql2,array());
				$tmp_arr['stat'] = 'ok';
			}else{
				$tmp_arr['stat'] = 'err2';	//添加失败
			}
			exit(json_encode($tmp_arr));
			break;



		//修改记录
		case 'updateInfo':
			$tname = I('tname','p');
			$id = intval(I('id','p'));
			unset($_POST['id']);
			unset($_POST['type']);
			unset($_POST['token1']);
			unset($_POST['account']);
			unset($_POST['tname']);
			_checkVal($tname,$id);//检测变量
			if(count($_POST) < 1){
				$tmp_arr['stat'] = 'err2';	//没有数据
				exit(json_encode($tmp_arr));
			}

			$vals = array();
			$valStr = '';
			foreach($_POST as $k=>$v){
				$valStr .= $k.'=?,';
				$vals[] = $v;
			}
			$valStr = trim($valStr,',');
			$vals[] = $id;
			$pdo = MyPdo2::init();
			$sql = "update {$tname} set {$valStr} where id = ?";
			$res = $pdo->dml($sql,$vals);
			if($res){
				$tmp_arr['stat'] = 'ok';
			}else{
				$tmp_arr['stat'] = 'err3';	//添加失败
			}
			exit(json_encode($tmp_arr));
			break;






		//删除记录
		case '_delInfo':
			$id = intval(I('id','p'));
			$tname = I('tname','p');
			_checkVal($tname,$id);//检测变量
			$pdo = MyPdo2::init();
			$sql = "delete from {$tname} where id = ?";
			$res = $pdo->dml($sql,array($id));
			if($res){
				$tmp_arr['stat'] = 'ok';
			}else{
				$tmp_arr['stat'] = 'err2';
			}
			exit(json_encode($tmp_arr));
			break;





		//获取记录列表
		case '_getInfoList':
			$tname = I('tname','p');
			$selectField = I('selectField','p');
			$selectFieldVal = I('selectFieldVal','p');
			$searchField = I('searchField','p');
			$searchVal = I('searchVal','p');
			$pnow = intval(I('pnow','p'));
			$pnow = $pnow<1?1:$pnow;


			_checkVal($tname);//检测变量

			if(!_checkChar($tname) || !_checkChar($selectField) || !_checkChar($selectFieldVal) || !_checkChar($searchField) || !_checkChar($searchVal)){
				$tmp_arr['stat'] = 'err2';
				exit(json_encode($tmp_arr));
			}
			
			$pdo = MyPdo2::init();

			$limit = 10;
			$lstart = ($pnow - 1) * $limit;

			if($selectField && $selectFieldVal && $selectFieldVal != 'all'){
				if($searchField && $searchVal){
					$sql = "select * from {$tname} where {$selectField}='{$selectFieldVal}' and {$searchField} like '%{$searchVal}%' order by id desc limit {$lstart},{$limit}";
				}else{
					$sql = "select * from {$tname} where {$selectField}='{$selectFieldVal}' order by id desc limit {$lstart},{$limit}";
				}
			}else{
				if($searchField && $searchVal){
					$sql = "select * from {$tname} where {$searchField} like '%{$searchVal}%' order by id desc limit {$lstart},{$limit}";
				}else{
					$sql = "select * from {$tname} order by id desc limit {$lstart},{$limit}";
				}
			}
			$p_arr = array();

			$res = $pdo->dql($sql,$p_arr);
			if($res){
				$tmp_arr['data'] = $res;
			}else{
				$tmp_arr['data'] = array();
			}
			exit(json_encode($tmp_arr));
			break;



		//添加新记录
		case 'addNewInfo':
			$tname = I('tname','p');
			unset($_POST['type']);
			unset($_POST['token1']);
			unset($_POST['account']);
			unset($_POST['tname']);
			_checkVal($tname);//检测变量
			if(count($_POST) < 1){
				$tmp_arr['stat'] = 'err2';	//没有数据
				exit(json_encode($tmp_arr));
			}

			$fieldNames = '';
			$vals = array();
			$valStr = '';
			foreach($_POST as $k=>$v){
				$fieldNames .= $k.',';
				$valStr .= '?,';
				$vals[] = $v;
			}
			$fieldNames = trim($fieldNames,',');
			$valStr = trim($valStr,',');
			$pdo = MyPdo2::init();
			$sql = "insert into {$tname}({$fieldNames}) values({$valStr})";
			$res = $pdo->dml($sql,$vals);
			if($res){
				$tmp_arr['stat'] = 'ok';
			}else{
				$tmp_arr['stat'] = 'err3';	//添加失败
			}
			exit(json_encode($tmp_arr));
			break;



		//获取并检查两表的字段
		case 'getOrCheckField':
			$tname = I('tname','p');
			_checkVal($tname);//检测变量
			$pdo = MyPdo2::init();
			$sql = "select column_name from information_schema.columns where table_name = ? and table_schema='ledger'";
			$res = $pdo->dql($sql,array($tname));
			if($res){
				$columnCount = count($res);
				$sql2 = "select fields from ledger_list where account = ? and tname = ?";
				$res2 = $pdo->dql($sql2,array($account,$tname),1);
				if(@$res2['fields']){
					$fields = json_decode($res2['fields'],1);
					$fieldCount = count($fields);
					if($fieldCount + 1 == $columnCount){	//字段数一致
						$tmp_arr['data'] = $fields;
						exit(json_encode($tmp_arr));
					}
				}
			}
			$tmp_arr['data'] = array();	//数据异常
			exit(json_encode($tmp_arr));
			break;




		//文本域转换
		case '_changeArea':
			$fname = I('fname','p');
			$tname = I('tname','p');
			_checkVal($tname,$fname);//检测变量
			$pdo = MyPdo2::init();
			$sql = 'select fields from ledger_list where account = ? and tname = ?';
			$res = $pdo->dql($sql,array($account,$tname),1);
			if(@$res['fields']){
				$res_arr = json_decode($res['fields'],1);
				$inputLength = 100;
				foreach($res_arr as $k=>$v){
					if($v['fieldTname'] == $fname){
						if(@$v['isArea']){
							$res_arr[$k]['isArea'] = false;
						}else{
							$res_arr[$k]['isArea'] = true;
							$inputLength = 2000;
						}
					}
				}
				$sql2 = 'update ledger_list set fields = ? where account = ? and tname = ?';
				$res2 = $pdo->dml($sql2,array(json_encode($res_arr),$account,$tname));
				if($res2){
					$tmp_arr['stat'] = 'ok';
					$sql3 = "alter table {$tname} change {$fname} {$fname} varchar({$inputLength}) default ''";
					$pdo->dml($sql3,array());

				}else{
					$tmp_arr['stat'] = 'err2';
				}
			}else{
				$tmp_arr['stat'] = 'err2';	//数据异常
			}
			exit(json_encode($tmp_arr));
			break;




		// //获取以设置的分类和搜索字段
		// case '_getSelectOrSearchFiled':
		// 	$tname = I('tname','p');
		// 	_checkVal($tname);//检测变量
		// 	$pdo = MyPdo2::init();
		// 	$sql = 'select select_field,search_field from ledger_list where account = ? and tname = ?';
		// 	$res = $pdo->dql($sql,array($account,$tname),1);
		// 	if($res){
		// 		$tmp_arr['data'] = $res;
		// 	}else{
		// 		$tmp_arr['data'] = array();
		// 	}
		// 	exit(json_encode($tmp_arr));
		// 	break;



		//置为搜索项
		case '_setSearch':
			$fname = I('fname','p');
			$tname = I('tname','p');
			_checkVal($tname,$fname);//检测变量
			$pdo = MyPdo2::init();
			$sql = 'select fields from ledger_list where account = ? and tname = ?';
			$res = $pdo->dql($sql,array($account,$tname),1);
			if(@$res['fields']){
				$res_arr = json_decode($res['fields'],1);
				foreach($res_arr as $k=>$v){
					if($v['fieldTname'] == $fname){
						if(@$v['isSearch']){
							$res_arr[$k]['isSearch'] = false;
						}else{
							$res_arr[$k]['isSearch'] = true;
						}
					}
				}
				$sql2 = 'update ledger_list set fields = ? where account = ? and tname = ?';
				$res2 = $pdo->dml($sql2,array(json_encode($res_arr),$account,$tname));
				if($res2){
					$tmp_arr['stat'] = 'ok';
				}else{
					$tmp_arr['stat'] = 'err2';
				}
			}else{
				$tmp_arr['stat'] = 'err2';	//数据异常
			}
			exit(json_encode($tmp_arr));




			// exit;
			// $fname = I('fname','p');
			// $tname = I('tname','p');
			// _checkVal($tname,$fname);//检测变量
			// $pdo = MyPdo2::init();
			// $sql = 'select search_field from ledger_list where account = ? and tname = ?';
			// $res = $pdo->dql($sql,array($account,$tname),1);
			// if(@$res['search_field']){
			// 	$search_arr2 = json_decode($res['search_field'],1);
			// 	$search_arr = array();
			// 	$in_stat = false;
			// 	foreach($search_arr2 as $k=>$v){
			// 		if($fname == $v){
			// 			$in_stat = true;
			// 			continue;
			// 		}
			// 		$search_arr[] = $v;
			// 	}
			// 	if(!$in_stat){
			// 		$search_arr[] = $fname;
			// 	}

			// }else{
			// 	$search_arr = array($fname);
			// }
			// $sql2 = 'update ledger_list set search_field = ? where account = ? and tname = ?';
			// $res2 = $pdo->dml($sql2,array(json_encode($search_arr),$account,$tname));			
			// if($res2){
			// 	$tmp_arr['stat'] = 'ok';
			// }else{
			// 	$tmp_arr['stat'] = 'err2';
			// }
			// exit(json_encode($tmp_arr));
			break;



		//置为分类项
		case '_setSelect':
			$fname = I('fname','p');
			$tname = I('tname','p');
			$qtype = I('qtype','p');
			_checkVal($tname,$fname);//检测变量
			$pdo = MyPdo2::init();
			$sql = 'select fields from ledger_list where account = ? and tname = ?';
			$res = $pdo->dql($sql,array($account,$tname),1);
			if(@$res['fields']){
				$res_arr = json_decode($res['fields'],1);
				foreach($res_arr as $k=>$v){
					if($v['fieldTname'] == $fname){
						if($qtype){
							$res_arr[$k]['isSelect'] = false;
						}else{
							$res_arr[$k]['isSelect'] = true;
						}
					}else{
						$res_arr[$k]['isSelect'] = false;
					}
				}
				$sql2 = 'update ledger_list set fields = ? where account = ? and tname = ?';
				$res2 = $pdo->dml($sql2,array(json_encode($res_arr),$account,$tname));
				if($res2){
					$tmp_arr['stat'] = 'ok';
				}else{
					$tmp_arr['stat'] = 'err2';
				}
			}else{
				$tmp_arr['stat'] = 'err2';	//数据异常
			}
			exit(json_encode($tmp_arr));






			// exit;
			// $fname = I('fname','p');
			// $tname = I('tname','p');
			// _checkVal($tname,$fname);//检测变量
			// $pdo = MyPdo2::init();
			// $sql2 = 'update ledger_list set select_field = ? where account = ? and tname = ?';
			// $res2 = $pdo->dml($sql2,array($fname,$account,$tname),1);			
			// if($res2){
			// 	$tmp_arr['stat'] = 'ok';
			// }else{
			// 	$sql = 'update ledger_list set select_field = "" where account = ? and tname = ?';
			// 	$res = $pdo->dml($sql,array($account,$tname));
			// 	if($res){
			// 		$tmp_arr['stat'] = 'ok';
			// 	}else{
			// 		$tmp_arr['stat'] = 'err2';
			// 	}
			// }
			// exit(json_encode($tmp_arr));
			break;




		//删除字段
		case '_delField':
			$fname = I('fname','p');
			$tname = I('tname','p');
			_checkVal($tname,$fname);//检测变量
			$pdo = MyPdo2::init();
			$sql2 = 'select fields from ledger_list where account = ? and tname = ?';
			$res2 = $pdo->dql($sql2,array($account,$tname),1);
			if($res2 && $res2['fields']){
				$res_arr = json_decode($res2['fields'],1);
				$res_arr2 = array();
				foreach($res_arr as $k=>$v){
					if($v['fieldTname'] == $fname){
						continue;
					}
					$res_arr2[] = $v;
				}
				$sql3 = 'update ledger_list set fields=? where account = ? and tname = ?';
				$res3 = $pdo->dml($sql3,array(json_encode($res_arr2),$account,$tname));
				$sql = "alter table {$tname} drop {$fname}";
				$res = $pdo->dml($sql,array());
			}
			$tmp_arr['stat'] = 'ok';
			exit(json_encode($tmp_arr));
			break;




		//获取字段列表
		// case '_getFieldList':
		// 	$tname = I('tname','p');
		// 	_checkVal($tname);//检测变量
		// 	$pdo = MyPdo2::init();
		// 	$sql = "select fields from ledger_list where account = ? and tname = ?";
		// 	$res = $pdo->dql($sql,array($account,$tname),1);
		// 	if($res && $res['fields']){
		// 		$tmp_arr['data'] = json_decode($res['fields'],1);
		// 	}else{
		// 		$tmp_arr['data'] = array();
		// 	}
		// 	exit(json_encode($tmp_arr));
		// 	break;





		//添加字段
		case 'addField':
			$tname = I('tname','p');
			$fieldName = I('fieldName','p');
			$fieldTname = I('fieldTname','p');
			_checkVal($fieldTname,$fieldName,$tname);//检测变量
			if(!_checkChar($fieldName) || !_checkChar($fieldTname)){
				$tmp_arr['stat'] = 'err4';	//非法字符
				exit(json_encode($tmp_arr));
			}
			$pdo = MyPdo2::init();
			$sql = 'select fields from ledger_list where account = ? and tname = ?';
			$res = $pdo->dql($sql,array($account,$tname),1);

			if($res['fields'] == ''){
				$arr = array(
					array(
						'fieldName'=>$fieldName,
						'fieldTname'=>$fieldTname
					)
				);
			}else{
				$arr = json_decode($res['fields'],1);
				$tmp_stat = false;
				foreach($arr as $v){
					if($v['fieldTname'] == $fieldTname){
						$tmp_stat = true;
					}
				}
				if($tmp_stat){
					$tmp_arr['stat'] = 'err3';	//字段已存在
					exit(json_encode($tmp_arr));
				}else{
					$arr[] = array(
						'fieldName'=>$fieldName,
						'fieldTname'=>$fieldTname
					);
				}
			}
			$sql2 = "update ledger_list set fields = ? where account = ? and tname = ?";
			$res2 = $pdo->dml($sql2,array(json_encode($arr),$account,$tname));
			if($res2){
				$tmp_arr['stat'] = 'ok';
				$sql3 = "alter table {$tname} add {$fieldTname} varchar(100) default ''";
				$pdo->dml($sql3,array());
			}else{
				$tmp_arr['stat'] = 'err2';	//添加失败
			}
			exit(json_encode($tmp_arr));
			break;





		//获取台账列表
		case '_getLedgerList':
			$pdo = MyPdo2::init();
			$sql = "select id,name,tname,info from ledger_list where account = ?";
			$res = $pdo->dql($sql,array($account));
			if($res){
				$tmp_arr['data'] = $res;
			}else{
				$tmp_arr['data'] = array();
			}
			exit(json_encode($tmp_arr));
			break;






		//创建台账
		case 'createLedger':
			$lname = I('lname','p');
			$tname = I('tname','p');
			$info = I('info','p');
			_checkVal($lname,$tname);//检测变量
			if(!_checkChar($lname) || !_checkChar($tname) || !_checkChar($info,1)){
				$tmp_arr['stat'] = 'err4';	//非法字符
				exit(json_encode($tmp_arr));
			}

			$tname = 'table_'.$tname;

			$pdo = MyPdo2::init();
			$sql = "select id from ledger_list where tname =?";
			$res = $pdo->dql($sql,array($tname),1);
			if(!$res){
				$sql2 = "insert into ledger_list(account,name,tname,info) values(?,?,?,?)";
				$res2 = $pdo->dml($sql2,array($account,$lname,$tname,$info));
				if($res2){
					$tmp_arr['stat'] = 'ok';	//创建成功
					$sql3 = "create table {$tname}(id int primary key auto_increment)engine=myisam default charset=utf8";
					$res3 = $pdo->dml($sql3,array());
				}else{
					$tmp_arr['stat'] = 'err3';	//创建失败
				}
			}else{
				$tmp_arr['stat'] = 'err2';	//台账名或表名已存在
			}
			exit(json_encode($tmp_arr));
			break;







		//修改密码
		case "changePassword":
			$pwd1 = I('pwd1','p');
			$pwd2 = I('pwd2','p');
			_checkVal($pwd1,$pwd2);//检测变量

			$pdo = MyPdo2::init();
			$sql = 'update ledger_user set pwd = ? where account = ? and pwd = ?';
			$res = $pdo->dml($sql,array(md5($pwd2),$account,md5($pwd1)));
			if($res){
				$tmp_arr['stat'] = 'ok';
			}else{
				$tmp_arr['stat'] = 'err2';	//修改密码失败
			}
			exit(json_encode($tmp_arr));
			break;




		//登陆
		case 'login':
			$pwd = I('pwd','p');
			_checkVal($pwd);//检测变量
			$pdo = MyPdo2::init();
			$sql = 'select account,name,stat from ledger_user where account = ? and pwd = ? limit 1';
			$res = $pdo->dql($sql,array($account,md5($pwd)),1);
			if($res){
				if($res['stat'] == 2){
					$_SESSION['ledger_account'] = $res['account'];
				}
				$tmp_arr['stat'] = 'ok';
				$tmp_arr['data'] = $res;
			}else{
				$tmp_arr['stat'] = 'err2';
			}
			exit(json_encode($tmp_arr));
			break;




		//退出
		case 'exit':
			session_destroy();
			echo 'ok';
			break;





		//激活账号
		case 'register':
			$name = I('name','p');
			$pwd = I('pwd','p');
			_checkVal($name,$pwd);//检测变量
			$pdo = MyPdo2::init();
			$sql = 'select id from ledger_user where account = ?';
			$res = $pdo->dql($sql,array($account),1);
			if($res){
				$tmp_arr['stat'] = 'err2';	//工号已存在！
			}else{
				$sql2 = 'insert into ledger_user values(null,?,?,?,1)';
				$res2 = $pdo->dml($sql2,array($account,md5($pwd),$name));
				if($res2){
					$tmp_arr['stat'] = 'ok';	//工号激活成功！
				}else{
					$tmp_arr['stat'] = 'err3';	//工号激活异常！
				}
			}
			exit(json_encode($tmp_arr));
			break;
		
	}



